Chris,

Thanks for your reply. I will implement your recommendations in my next iterations.

Currently I have done the following.


I copied the keystore file as /home/apexadmin/.keystore

and made the entry below in server.xml:



   <Connector port="8080" protocol="org.apache.coyote.http11.Http11NioProtocol"
              maxThreads="200" redirectPort="8443" scheme="https">
       <Certificate certificateFile="/home/apexadmin/.keystore"
                    keystorePass="changeit" type="RSA"
                    clientAuth="false" SSLEnabled="true"
                    sslProtocol="TLS">
       </Certificate>
   </Connector>


I opened port 8443 and recycled Tomcat.

But it was no use.

Thanks
Venkat


>>> Christopher Schultz <ch...@christopherschultz.net> 8/2/2018 12:09 PM >>>

Venkataraman,

On 8/2/18 12:05 PM, Venkataraman Srinivasan wrote:
> I used below command to create certificate locally.
> 
> $JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA -keystore 
> /opt/tomcat/apache-tomcat-8.5.32/keystore
Okay, so you have a self-signed certificate.

Have you tried anything to configure Tomcat for TLS/SSL? If so, what?

If you haven't tried anything, yet, have you read any documentation on
the Tomcat site for how to configure TLS?

(BTW, you probably have a certificate that doesn't last as long as you
might think, and the key might not have as many bits as you might
like. Consider inspecting the certificate and key to see the details
and decide if it meets your needs. Personally, I always use RSA keys
of at least 4096-bits and use SHA256 signatures on the certificates.
The validity period is up to you. You might also consider using an EC
key+certificate, since the same "strength" key+cert can be processed
with less CPU time than an equivalent RSA key.)

-chris

>>>> Christopher Schultz <ch...@christopherschultz.net> 8/2/2018
>>>> 12:03 PM >>>
> Venkataraman,
> 
> On 8/2/18 12:00 PM, Venkataraman Srinivasan wrote:
>> Please help me in enabling SSL certificate in Tomcat Apache 
>> servers.
> 
> Do you already have a certificate signed by a CA?
> 
> What have you already tried?
> 
> -chris
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
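
Added example, not part of the original thread: a small Python check that performs the inspection suggested in the reply above, reading `keytool -list -v` output and reporting key size, signature algorithm, validity period and whether the certificate is self-signed. The sample output is constructed (laid out like the output of recent JDKs), the function names are hypothetical, and the 4096-bit default mirrors the personal preference stated in the reply, not a Tomcat requirement.

```python
import re
from datetime import datetime

# Constructed sample of `keytool -list -v` output; every value is made up.
SAMPLE = """\
Alias name: tomcat
Owner: CN=host.example, OU=IT, O=Example, C=US
Issuer: CN=host.example, OU=IT, O=Example, C=US
Valid from: Thu Aug 02 12:05:00 EDT 2018 until: Wed Oct 31 12:05:00 EDT 2018
Signature algorithm name: SHA256withRSA
Subject Public Key Algorithm: 2048-bit RSA key
"""

def _field(text, label):
    m = re.search(rf"^{re.escape(label)}:[ \t]*(.+)$", text, re.MULTILINE)
    return m.group(1).strip() if m else None

def _parse_date(stamp):
    # keytool prints e.g. "Thu Aug 02 12:05:00 EDT 2018". The zone abbreviation
    # is dropped (strptime cannot parse it portably), so day counts are rounded.
    _, mon, day, clock, _, year = stamp.split()
    return datetime.strptime(f"{mon} {day} {clock} {year}", "%b %d %H:%M:%S %Y")

def audit(text, min_rsa_bits=4096):
    """Return (facts, findings) for a single certificate entry."""
    validity = _field(text, "Valid from")
    if validity is None or " until: " not in validity:
        raise ValueError("no 'Valid from: ... until: ...' line found")
    start, end = (_parse_date(s) for s in validity.split(" until: "))
    key = re.match(r"(\d+)-bit (\w+)", _field(text, "Subject Public Key Algorithm") or "")
    sig = _field(text, "Signature algorithm name") or "unknown"
    owner = _field(text, "Owner")
    facts = {
        # Heuristic: subject equal to issuer is treated as self-signed.
        "self_signed": owner is not None and owner == _field(text, "Issuer"),
        "validity_days": round((end - start).total_seconds() / 86400),
        "key_bits": int(key.group(1)) if key else None,
        "key_type": key.group(2) if key else None,
        "signature": sig,
    }
    findings = []
    if facts["key_type"] == "RSA" and facts["key_bits"] < min_rsa_bits:
        findings.append(f"RSA key is {facts['key_bits']} bits, below {min_rsa_bits}")
    if key is None:
        findings.append("key size not reported by this keytool version")
    if sig.upper().startswith(("SHA1", "MD5")):
        findings.append(f"weak signature algorithm: {sig}")
    if facts["self_signed"]:
        findings.append("self-signed: clients will not trust it by default")
    return facts, findings
```

Feed it the real output of `keytool -list -v -keystore <path>` for one alias; for the constructed sample it reports a 90-day validity period and a 2048-bit RSA key.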